Sunday, May 8, 2011

Controlling permissions of files on a drive

If you have mounted FAT or NTFS partitions on your Linux machine, you'd have noticed this: all files and directories on those partitions have their permissions set to 777, meaning anyone can do anything.  I get annoyed when files that are not commands have execute permissions.  In addition to being a security risk, I find them aesthetically displeasing.

There's an easy solution, of course.  We can make all files from that partition non-executable by setting an appropriate fmask value in its fstab entry.  Mine looks like this:
/dev/sda3 /mnt/win ntfs-3g defaults,fmask=111 0 0
I have set the fmask to 111, which is execute permission for owner, group, and everyone. Since masks specify what operations are not permitted, no file in that drive would be executable.

There's also a dmask that restricts directory permissions.

No comments:

Post a Comment